Category Archives: 3CX

manually download phone firmware for 3cx phone system

You can download the latest supported phone or handset firmware for 3CX from here: https://www.3cx.com/support/phone-firmwares/

Insecure RC4 Cipher Suites and 56-bit encryption Enabled in 3CX V14 SP3

RC4 cipher suite is still enabled in Abyss Web Server X2 (Version 2.9.3.6) that is supplied with 3CX Version 14 Service Pack 3.

Version 2.11 of Abyss Web server X2 that was released on 5th April 2016 disabled the obsolete RC4 cipher suite as per RFC7465.
 

Outdated and vulnerable PostgreSQL version 9.2.4 used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to include/use a very old and insecure PostgreSQL version 9.2.4 (released 04-04-2013).

There have been at least 13 releases since 9.2.4, the latest being 9.2.17 which have resolved the following vulnerabilities: CVE-2014-0066, CVE-2014-0065, CVE-2014-0064, CVE-2014-0063, CVE-2014-0062, CVE-2014-0061, CVE-2014-0060, CVE-2014-0067, CVE-2014-8161, CVE-2015-0244, CVE-2015-0243, CVE-2015-0242, CVE-2015-0241, CVE-2015-3167, CVE-2015-3166, CVE-2015-3165, CVE-2015-5288 … Continue Reading ››